Application Security Engineer

100% remote work opportunity within the continental United States.
Full-Time, Senior
Salary not disclosed

Job Details

Experience
5+ years of experience in application security, product security, or security engineering roles.
Required Skills
Agile, Kubernetes, CI/CD

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related technical discipline.
  • 5+ years of experience in application security, product security, or security engineering roles.
  • Strong knowledge of the OWASP Top 10 and common web application vulnerability patterns.
  • Hands-on experience reviewing code across multiple programming languages and technology stacks.
  • Deep familiarity with SAST, DAST, SCA, IAST, and CI/CD-integrated security tooling.
  • Strong understanding of authentication, authorization, encryption, and secure session management principles.
  • Experience securing cloud-native and containerized infrastructures.
  • Proficiency in at least one programming or scripting language for automation and tooling development.
  • Strong communication and collaboration skills with both technical and non-technical stakeholders.
  • Experience working in Agile software development environments alongside engineering teams.

Responsibilities

  • Conduct threat modeling exercises and security architecture reviews for new and existing applications and services.
  • Perform manual code reviews and collaborate directly with engineering teams to harden applications and improve secure coding practices.
  • Implement and manage security testing tools including SAST, DAST, IAST, SCA, and secret-scanning solutions integrated into CI/CD pipelines.
  • Drive vulnerability management processes including triage, prioritization, remediation tracking, and SLA enforcement.
  • Design and promote secure-by-default frameworks, libraries, and development patterns for engineering teams.
  • Lead red-team and purple-team exercises to identify application weaknesses and coordinate remediation efforts.
  • Implement runtime protections such as WAF, RASP, abuse detection, and bot mitigation mechanisms.
  • Define and enforce secure authentication, authorization, session management, and cryptographic standards.
  • Partner with infrastructure and platform teams to secure containerized, Kubernetes, and cloud-based environments.
  • Develop and deliver security awareness training, onboarding materials, and secure development guidance for engineering teams.